Cyber Security

Three Axes of Discussion to Build up a Cyber Security Agenda at Board Level

The times have gone when the CISO had to explain what cyber security was about and the value it brought

In the face of non-stop cyber-attacks, and the urgency of change around cyber security practices in large firms, the CISO has to be – first and foremost – a leader.

When some people say they don’t know what to do around cyber, you may want to ask them where they have been for the last 10 years…

For a number of years, I have been puzzled by the high idea some cyber security professionals seem to have that their job is about convincing other people: Convincing users that they need to do certain things to protect themselves and their data; Convincing the Board that they need to invest more to protect the business, etc…

In an era where attacks are increasingly more sophisticated, it is critical that the defensive capabilities you employ can collect, assemble, and interpret the data flowing through your network.

These data fragments are the building blocks of intelligence that form early warning signs that your network may be under attack and being able to identify these vital warning signs can dramatically decrease the Mean-Time-To-Mitigation (MTTM).

Stop buying more tech for the sake of it and start focusing on the decluttering of your cyber security landscape.

For the past two decades, most large organizations have kept addressing cyber security as a purely technical problem.

Cyber security is an ever evolving and expanding challenge and a lot of businesses struggle to keep up with the changing threat landscape.

The costs of implementing the necessary technologies and personnel to proactively monitor and investigate threats in-house could very quickly become very expensive – not to mention ensuring regulatory compliance and minimising alert fatigue among the team.

The BTN was recently delighted to partner again with RiskRecon, a Mastercard Company, for an exclusive roundtable, specialising in risk assessment automation and cyber risk management, to discuss ‘The Business Case for Situational Awareness in Your Supply Chain'.

The session looked at what can we be doing to increase the visibility of supply chain threats? How do we determine and identify risky vendors in our ecosystem? And where do we start when building an action-oriented 3rd party risk program?

The new normal consists of cloud and device insecurity. Did you know that nearly 70% of respondents said their firm has struggled to maximize the productivity of remote workers without exposing them or their devices to new risk. 75% said they agree that to be better prepared, their firms must update their technical reference architectures for cloud security and ensure that ZT design principles are baked into cloud adoption and migration.

“Process and People first, THEN Technology” will always be at the heart of the winning formula here

Before the COVID-19 pandemic, remote work was a relatively uncommon job perk. By mid-2020, it became a necessity with nearly half of all employees working remotely during the pandemic.